commit cb1108c936e85348e2b39bd49c8b82d830e8a54f
parent a7b29df7f80e6069c08ec1cf232fb626fa9a44ec
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 3 Dec 2022 20:07:45 -0500
NoAuth middleware to redirect authenticated users on endpoint that needs no auth
Diffstat:
3 files changed, 31 insertions(+), 47 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -207,12 +207,6 @@ func LoginHandler(c echo.Context) error {
return c.NoContent(http.StatusNotFound)
}
- // If already logged in, redirect.
- authUser := c.Get("authUser").(*database.User)
- if authUser != nil {
- return c.Redirect(http.StatusFound, "/")
- }
-
// If first use, redirect.
if config.IsFirstUse.IsTrue() {
return c.Redirect(http.StatusFound, "/")
@@ -235,12 +229,6 @@ func LoginAttackHandler(c echo.Context) error {
return c.NoContent(http.StatusNotFound)
}
- // If already logged in, redirect.
- authUser := c.Get("authUser").(*database.User)
- if authUser != nil {
- return c.Redirect(http.StatusFound, "/")
- }
-
// If first use, redirect.
if config.IsFirstUse.IsTrue() {
return c.Redirect(http.StatusFound, "/")
@@ -688,12 +676,6 @@ func SignupAttackHandler(c echo.Context) error {
return c.NoContent(http.StatusNotFound)
}
- // If already logged in, redirect.
- authUser := c.Get("authUser").(*database.User)
- if authUser != nil {
- return c.Redirect(http.StatusFound, "/")
- }
-
// If first use, redirect.
if config.IsFirstUse.IsTrue() {
return c.Redirect(http.StatusFound, "/")
@@ -1049,12 +1031,6 @@ func generateCaptchaCssFrames(captchaSec int64) (frames []string) {
// ForgotPasswordHandler ...
func ForgotPasswordHandler(c echo.Context) error {
- // If already logged in, redirect.
- authUser := c.Get("authUser").(*database.User)
- if authUser != nil {
- return c.Redirect(http.StatusFound, "/")
- }
-
var data forgotPasswordData
data.Step = 1
diff --git a/pkg/web/middlewares/middlewares.go b/pkg/web/middlewares/middlewares.go
@@ -462,6 +462,16 @@ func MaybeAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
}
}
+// NoAuthMiddleware redirect to / is the user is authenticated
+func NoAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
+ return func(c echo.Context) error {
+ if user := c.Get("authUser").(*database.User); user != nil {
+ return c.Redirect(http.StatusFound, "/")
+ }
+ return next(c)
+ }
+}
+
// SecureMiddleware ...
var SecureMiddleware = middleware.SecureWithConfig(middleware.SecureConfig{
XSSProtection: "1; mode=block",
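Review bot: The single-value type assertion in `if user := c.Get("authUser").(*database.User); user != nil` panics when nothing has stored that key on the context (asserting a nil `any` fails), so any route that lists NoAuthMiddleware without whatever middleware populates `authUser` would crash instead of falling through to `next` — unless a recovery middleware is installed, which is not visible here. The removed handler code carried the same assertion, but moving it into a reusable middleware makes the ordering dependency easier to break; the two-value form is safer: `user, _ := c.Get("authUser").(*database.User)` then `if user != nil {`. The doc comment also has a typo and should read `// NoAuthMiddleware redirects to / if the user is authenticated.`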
diff --git a/pkg/web/web.go b/pkg/web/web.go
@@ -66,31 +66,29 @@ func getMainServer() echo.HandlerFunc {
e.Use(middlewares.AprilFoolMiddleware())
e.GET("/", handlers.HomeHandler, middlewares.CircuitRateLimitMiddleware(15*time.Second, 4, true))
e.POST("/", handlers.HomeHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.GET("/login", handlers.LoginHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/login", handlers.LoginHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.GET("/login/:loginToken", handlers.LoginAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/login/:loginToken", handlers.LoginAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/sessions/gpg-two-factor", handlers.SessionsGpgTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/sessions/gpg-two-factor", handlers.SessionsGpgTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/sessions/gpg-sign-two-factor", handlers.SessionsGpgSignTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/sessions/gpg-sign-two-factor", handlers.SessionsGpgSignTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/sessions/two-factor", handlers.SessionsTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/sessions/two-factor", handlers.SessionsTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/sessions/two-factor/recovery", handlers.SessionsTwoFactorRecoveryHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/sessions/two-factor/recovery", handlers.SessionsTwoFactorRecoveryHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/signup", handlers.SignupHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
- e.POST("/signup", handlers.SignupHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
+ e.GET("/login", handlers.LoginHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/login", handlers.LoginHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.GET("/login/:loginToken", handlers.LoginAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/login/:loginToken", handlers.LoginAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
+ e.GET("/sessions/gpg-two-factor", handlers.SessionsGpgTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/sessions/gpg-two-factor", handlers.SessionsGpgTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
+ e.GET("/sessions/gpg-sign-two-factor", handlers.SessionsGpgSignTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/sessions/gpg-sign-two-factor", handlers.SessionsGpgSignTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
+ e.GET("/sessions/two-factor", handlers.SessionsTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/sessions/two-factor", handlers.SessionsTwoFactorHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
+ e.GET("/sessions/two-factor/recovery", handlers.SessionsTwoFactorRecoveryHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/sessions/two-factor/recovery", handlers.SessionsTwoFactorRecoveryHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
+ e.GET("/signup", handlers.SignupHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false), middlewares.NoAuthMiddleware)
+ e.POST("/signup", handlers.SignupHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
e.GET("/public/css/:signupToken/signup.css", handlers.SignupCss, middlewares.CircuitRateLimitMiddleware(15*time.Second, 4, false))
e.GET("/public/img/:signupToken/:signal/:data", handlers.SignalCss, middlewares.CircuitRateLimitMiddleware(15*time.Second, 4, false))
- e.GET("/signup/invitation", handlers.SignupInvitationHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
- e.GET("/signup/invitation/:invitationToken", handlers.SignupInvitationHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
- e.POST("/signup/invitation/:invitationToken", handlers.SignupInvitationHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
- e.GET("/signup/:signupToken", handlers.SignupAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
- e.POST("/signup/:signupToken", handlers.SignupAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/forgot-password", handlers.ForgotPasswordHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/forgot-password", handlers.ForgotPasswordHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
- e.GET("/forgot-password/:token", handlers.ForgotPasswordResetHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false))
- e.POST("/forgot-password/:token", handlers.ForgotPasswordResetHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false))
+ e.GET("/signup/invitation", handlers.SignupInvitationHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false), middlewares.NoAuthMiddleware)
+ e.GET("/signup/invitation/:invitationToken", handlers.SignupInvitationHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false), middlewares.NoAuthMiddleware)
+ e.POST("/signup/invitation/:invitationToken", handlers.SignupInvitationHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false), middlewares.NoAuthMiddleware)
+ e.GET("/signup/:signupToken", handlers.SignupAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false), middlewares.NoAuthMiddleware)
+ e.POST("/signup/:signupToken", handlers.SignupAttackHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
+ e.GET("/forgot-password", handlers.ForgotPasswordHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)
+ e.POST("/forgot-password", handlers.ForgotPasswordHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 2, false), middlewares.NoAuthMiddleware)
e.GET("/bhcli", handlers.BhcliHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
e.GET("/torchess", handlers.TorchessHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
e.GET("/captcha-help", handlers.CaptchaHelpHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 5, false))
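Review bot: The two `/forgot-password/:token` routes removed from the old side (GET and POST to `handlers.ForgotPasswordResetHandler`) have no counterpart on the new side — the hunk shrinks from 31 to 29 lines and the diffstat's 31 insertions are fully accounted for by the other two files — so unless they are registered elsewhere, password-reset links now fall through to a 404. If the intent was to treat them like the other pre-auth routes, re-add them with the same chain: `e.GET("/forgot-password/:token", handlers.ForgotPasswordResetHandler, middlewares.CircuitRateLimitMiddleware(1*time.Second, 4, false), middlewares.NoAuthMiddleware)` and the matching `e.POST(...)` with the `(1*time.Second, 2, false)` limiter. Separately, the `/sessions/two-factor*` routes now redirect any request that carries `authUser`; that is only correct if the middleware populating `authUser` does not set it for a session that has passed the password step but not yet completed 2FA, which cannot be confirmed from this diff. `getMainServer` starts before and continues after this hunk.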